MCPcopy Create free account
hub / github.com/1Password/onepassword-operator

github.com/1Password/onepassword-operator @v1.12.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.12.0 ↗ · + Follow
283 symbols 858 edges 58 files 62 documented · 22% updated 37d agov1.12.0 · 2026-03-24★ 61531 open issues

Browse by type

Functions 244 Types & classes 39
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

1Password Connect Kubernetes Operator

Integrate 1Password Connect with your Kubernetes Infrastructure

Get started


The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.

✨ Get started

🚀 Quickstart

  1. Add the 1Password Helm Chart to your repository.

  2. Run the following command to install Connect and the 1Password Kubernetes Operator in your infrastructure:

helm install connect 1password/connect --set-file connect.credentials=1password-credentials-demo.json --set operator.create=true --set operator.token.value = <your connect token>
  1. Create a Kubernetes Secret from a 1Password item:
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: <item_name> #this name will also be used for naming the generated kubernetes secret
spec:
  itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"

To create a list of Kubernetes Secrets from 1Password items, create a yaml file with the following

apiVersion: onepassword.com/v1
kind: OnePasswordItemList
items:
  - metadata:
      name: <item_name_1> #this name will be used for naming one of the generated kubernetes secrets
    spec:
      itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"
  - metadata:
      name: <item_name_2> #this name will also be used for naming another of the generated kubernetes secrets
    spec:
      itemPath: "vaults/<vault_id_or_title>/items/<item_id_or_title>"

Deploy the OnePasswordItem to Kubernetes:

kubectl apply -f <your_item>.yaml

Check that the Kubernetes Secret has been generated:

kubectl get secret <secret_name>

📄 Usage

Refer to the Usage Guide for documentation on how to deploy and use the 1Password Operator.

💙 Community & Support

🔐 Security

1Password requests you practice responsible disclosure if you discover a vulnerability.

Please file requests by sending an email to bugbounty@agilebits.com.

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Function 131
Method 113
Struct 35
TypeAlias 3
Interface 1

Languages

Go100%

Modules by API surface

pkg/onepassword/client/testing/mock/connect.go24 symbols
pkg/kubernetessecrets/kubernetes_secrets_builder_test.go17 symbols
pkg/onepassword/secret_update_handler.go16 symbols
pkg/onepassword/client/testing/mock/sdk.go16 symbols
pkg/testhelper/kube/kube.go12 symbols
api/v1/zz_generated.deepcopy.go12 symbols
pkg/kubernetessecrets/kubernetes_secrets_builder.go9 symbols
internal/controller/onepassworditem_controller.go8 symbols
pkg/testhelper/kube/secret.go7 symbols
pkg/onepassword/secret_update_handler_test.go7 symbols
pkg/onepassword/client/sdk/sdk.go7 symbols
pkg/onepassword/client/connect/connect.go7 symbols

For agents

$ claude mcp add onepassword-operator \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page